T5 Dispatcher: How to correctly order the Pipeline

Fri, 30 Jul 2010 03:07:07 -0700 

Hi everyone,
I created a Service, contributeded it as Dispatcher to check on request of secured pages (using tapestry-spring-security with @Secured annotation) whether the user profile has all required fields filled out. In case, information is missing, the user is forwarded to his profile page and requested to update the required fields. 


So far so good, following the AccessController example from the Tapestry 
HowTos I could build the service and add it to the Dispatcher Pipeline:

--- (important part from AccessController):
Component page = componentSource.getPage(pageName);

    boolean privatePage = page.getClass().getAnnotation( Secured.class 
) != null;


    if (privatePage)
    {
      canAccess = false;
      /* Is the user already authentified ? */
      if(asm.exists(User.class))
      {
        User user = asm.get(User.class);
        canAccess = user.getUserProfile().isComplete();

        System.out.println("user " + user.getUsername() + " has 
completed his profile: " + canAccess);

      }
    }
---

public static void 
contributeMasterDispatcher(OrderedConfiguration<Dispatcher> 
configuration, AccessController accessController){
        configuration.add("AccessWithCompleteProfileController", 
accessController, "after:*");

}
---


My problem is apparently  with the sequence of the pipeline, as with the 
above stated "after:*" the service never is actually executed (simple 
System out calls to check), with "before:*" I get an redirect error from 
the server ("indefinite loop") and without any declaration it again is 
not called at all.



I'd appreciate a little guidance on the correct way to solve that issue. 
I see the following options:
1. Get AccessController invoked as the last service in Dispatcher 
pipeline (all other checks done before). I suspect SecurityChecker to 
break the line.
2. Figure out whether User is logged in already and do not break the 
chain in AccessController if User is not logged in. Next page request 
will do the check.
3. Implement my own Security Checker and include the AccessController 
into that code.


Regards
Daniel

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org























					Reply via email to